Add Bandit badge

bshastry · Oct 6, 2023 · 078c8cf · 078c8cf
1 parent 35ff2b1
commit 078c8cf
Showing 1 changed file with 28 additions and 1 deletion.
diff --git a/.github/workflows/bandit.yaml b/.github/workflows/bandit.yaml
@@ -27,4 +27,31 @@ jobs:
           pip install bandit
 
       - name: Run Bandit
-        run: bandit -r .
+        id: bandit
+        run: bandit -r . --format json -o bandit_results.json
+
+      - name: Determine Badge URL
+        id: determine_badge
+        run: |
+          python3 - <<EOF
+          import json
+
+          with open('bandit_results.json') as f:
+              results = json.load(f)
+
+          if results['metrics']['_totals']['SEVERITY.HIGH'] > 0 or results['metrics']['_totals']['SEVERITY.MEDIUM'] > 0 or results['metrics']['_totals']['SEVERITY.LOW'] > 0:
+              badge_url = 'https://img.shields.io/badge/Bandit-Issues%20Detected-red?label=high%3A{}%20medium%3A{}%20low%3A{}'.format(
+                  results['metrics']['_totals']['SEVERITY.HIGH'],
+                  results['metrics']['_totals']['SEVERITY.MEDIUM'],
+                  results['metrics']['_totals']['SEVERITY.LOW']
+              )
+          else:
+              badge_url = 'https://img.shields.io/badge/Bandit-No%20Issues%20Found-brightgreen'
+
+          print(badge_url)
+          EOF
+
+      - name: Update README with Badge
+        run: |
+          badge_url=$(echo "${{ steps.determine_badge.outputs.stdout }}")
+          sed -i "s|!\[Bandit Workflow\]\([^)]+\)|![Bandit Workflow](${badge_url})|" README.md